fixed usage of "leases" command
[strongswan.git] / src / ipsec / ipsec.in
1 #! /bin/sh
2 # prefix command to run stuff from our programs directory
3 # Copyright (C) 1998-2002  Henry Spencer.
4 # Copyright (C) 2006 Andreas Steffen
5 # Copyright (C) 2006 Martin Willi 
6
7 # This program is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by the
9 # Free Software Foundation; either version 2 of the License, or (at your
10 # option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
11
12 # This program is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 # or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
15 # for more details.
16 #
17 # RCSID $Id$
18
# Set PATH to a fixed list of system directories plus the ipsec sbin
# directory. The assignment is unconditional, so any PATH inherited from
# the caller is replaced before uname, cat, kill, etc. are looked up.
PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"

# name and version of the ipsec implementation
# (userland version from the build, kernel release from the running system)
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K$(uname -r)"

# build-time locations of the private program directory, the sbin
# directory, the configuration files and the PID files
IPSEC_DIR="@IPSEC_DIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"

# PID files whose presence is used below to decide which daemons to address
IPSEC_STARTER_PID="$IPSEC_PIDDIR/starter.pid"
IPSEC_PLUTO_PID="$IPSEC_PIDDIR/pluto.pid"
IPSEC_CHARON_PID="$IPSEC_PIDDIR/charon.pid"

# helper programs living in the private directory (not exported)
IPSEC_WHACK="$IPSEC_DIR/whack"
IPSEC_STROKE="$IPSEC_DIR/stroke"
IPSEC_STARTER="$IPSEC_DIR/starter"

export PATH
export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR
export IPSEC_VERSION IPSEC_NAME
export IPSEC_STARTER_PID IPSEC_PLUTO_PID IPSEC_CHARON_PID

# printed by "ipsec version"; the embedded \n is expanded at print time
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
44
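# Print the PID stored in PID file "$1" and return 0, or return 1 if the
# file cannot be read or its first line is not a positive decimal number.
# The value is later handed to kill(1), where an empty string, "0", a
# negative number or extra words would select a different target (or a
# different signal) than the starter process, so it is validated here.
_ipsec_read_pid() {
        _pid=
        # read returns non-zero on a file without trailing newline, but
        # still fills the variable; only an empty result is a failure
        { read -r _pid < "$1"; } 2>/dev/null || [ -n "$_pid" ] || return 1
        case "$_pid" in
        ''|*[!0-9]*) return 1 ;;
        esac
        # rejects 0 and values too large for the shell to compare
        [ "$_pid" -gt 0 ] 2>/dev/null || return 1
        printf '%s\n' "$_pid"
}

# Dispatch on the first argument. Built-in commands are handled here and
# exit; anything that does not match (and "copyright") falls through to the
# generic helper lookup after the case statement.
# Commands that talk to a daemon start with rc=7 and overwrite it with the
# exit status of whack (pluto) and/or stroke (charon), depending on which
# PID files exist; if both exist, the stroke status wins.
case "$1" in
'')
        echo "Usage: ipsec command argument ..."
        echo "Use --help for list of commands, or see ipsec(8) manual page"
        echo "or the $IPSEC_NAME documentation for names of the common ones."
        echo "Most have their own manual pages, e.g. ipsec_auto(8)."
        echo "See <http://www.strongswan.org> for more general info."
        exit 0
        ;;
--help)
        echo "Usage: ipsec command argument ..."
        echo "where command is one of:"
        echo "  start|restart  arguments..."
        echo "  update|reload|stop"
        echo "  up|down|route|unroute <connectionname>"
        echo "  status|statusall [<connectionname>]"
        echo "  ready"
        echo "  listalgs|listpubkeys|listcerts [--utc]"
        echo "  listcacerts|listaacerts|listocspcerts [--utc]"
        echo "  listacerts|listgroups|listcainfos [--utc]"
        echo "  listcrls|listocsp|listcards|listall [--utc]"
        echo "  leases [<poolname> [<address>]]"
        echo "  rereadsecrets|rereadgroups"
        echo "  rereadcacerts|rereadaacerts|rereadocspcerts"
        echo "  rereadacerts|rereadcrls|rereadall"
        echo "  purgeocsp"
        echo "  scencrypt|scdecrypt <value> [--inbase <base>] [--outbase <base>] [--keyid <id>]"
        echo "  openac"
        echo "  pluto"
        echo "  scepclient"
        echo "  secrets"
        echo "  starter"
        echo "  version"
        echo "  whack"
        echo "  stroke"
        echo
        echo "Some of these functions have their own manual pages, e.g. ipsec_scepclient(8)."
        exit 0
        ;;
--versioncode)
        echo "$IPSEC_VERSION"
        exit 0
        ;;
--directory)
        echo "$IPSEC_DIR"
        exit 0
        ;;
--confdir)
        echo "$IPSEC_CONFDIR"
        exit 0
        ;;
copyright|--copyright)
        # replace the positional parameters and fall through,
        # invoking "ipsec _copyright"
        set -- _copyright
        ;;
down)
        shift
        if [ "$#" -ne 1 ]
        then
            echo "Usage: ipsec down <connection name>"
            exit 2
        fi
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" --terminate
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" down "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
down-srcip)
        shift
        if [ "$#" -lt 1 ]
        then
            echo "Usage: ipsec down-srcip <start> [<end>]"
            exit 2
        fi
        rc=7
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                # "$@" keeps each argument intact; an unquoted $* would be
                # re-split on whitespace and glob-expanded by the shell
                "$IPSEC_STROKE" down-srcip "$@"
                rc="$?"
        fi
        exit "$rc"
        ;;
listcards|rereadgroups)
        op="$1"
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "$@" "--$op"
        fi
        # NOTE(review): the whack status is not used; the exit code only
        # reflects whether charon's PID file exists (3) or not (7) -
        # confirm this is intended
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                exit 3
        else
                exit 7
        fi
        ;;
leases)
        op="$1"
        rc=7
        shift
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                # forward at most <poolname> and <address>
                case "$#" in
                0) "$IPSEC_STROKE" "$op" ;;
                1) "$IPSEC_STROKE" "$op" "$1" ;;
                *) "$IPSEC_STROKE" "$op" "$1" "$2" ;;
                esac
                rc="$?"
        fi
        exit "$rc"
        ;;
listalgs|listpubkeys|\
listcerts|listcacerts|listaacerts|\
listacerts|listgroups|listocspcerts|\
listcainfos|listcrls|listocsp|listall|\
rereadsecrets|rereadcacerts|rereadaacerts|\
rereadacerts|rereadocspcerts|rereadcrls|\
rereadall|purgeocsp)
        op="$1"
        rc=7
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "$@" "--$op"
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$@"
                rc="$?"
        fi
        exit "$rc"
        ;;
ready)
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                # exits 0 regardless of the whack status
                "$IPSEC_WHACK" --listen
                exit 0
        else
                exit 7
        fi
        ;;
reload)
        rc=7
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Reloading strongSwan IPsec configuration..." >&2
                # only signal a validated PID; an unusable PID file
                # leaves rc at 7, like a failed kill
                if spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
                then
                        kill -USR1 "$spid" 2>/dev/null && rc=0
                fi
        else
                echo "Reloading strongSwan IPsec failed: starter is not running" >&2
        fi
        exit "$rc"
        ;;
restart)
        "$IPSEC_SBINDIR/ipsec" stop
        sleep 2
        shift
        exec "$IPSEC_SBINDIR/ipsec" start "$@"
        ;;
route|unroute)
        op="$1"
        rc=7
        shift
        if [ "$#" -ne 1 ]
        then
                echo "Usage: ipsec $op <connection name>"
                exit 2
        fi
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" "--$op"
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" "$op" "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
scencrypt|scdecrypt)
        op="$1"
        shift
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" "--$op" "$@"
                exit "$?"
        else
                exit 7
        fi
        ;;
secrets)
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --rereadsecrets
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" rereadsecrets
                rc="$?"
        fi
        exit "$rc"
        ;;
start)
        shift
        if [ -d /var/lock/subsys ]; then
                touch /var/lock/subsys/ipsec
        fi
        exec "$IPSEC_STARTER" "$@"
        ;;
status|statusall)
        op="$1"
        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
        shift
        if [ "$#" -eq 0 ]
        then
                if [ -e "$IPSEC_PLUTO_PID" ]
                then
                        "$IPSEC_WHACK" "--$op"
                fi
                if [ -e "$IPSEC_CHARON_PID" ]
                then
                        "$IPSEC_STROKE" "$op"
                fi
        else
                if [ -e "$IPSEC_PLUTO_PID" ]
                then
                        "$IPSEC_WHACK" --name "$1" "--$op"
                fi
                if [ -e "$IPSEC_CHARON_PID" ]
                then
                        "$IPSEC_STROKE" "$op" "$1"
                fi
        fi
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                # a PID file without a usable PID is reported as
                # "dead, but pid file exists"
                spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID") || exit 1
                kill -0 "$spid" 2>/dev/null
                exit $?
        fi
        exit 3
        ;;
stop)
        # stopping a not-running service is considered as success
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Stopping strongSwan IPsec..." >&2
                # nothing is signalled unless the PID file holds a single
                # positive number
                if spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
                then
                        kill "$spid" 2>/dev/null
                        # wait up to 5 seconds for the starter to exit
                        loop=5
                        while [ "$loop" -gt 0 ] ; do
                                kill -0 "$spid" 2>/dev/null || break
                                sleep 1
                                loop=$((loop - 1))
                        done
                        if [ "$loop" -eq 0 ]
                        then
                                # still alive: force it and remove the
                                # PID file the starter could not clean up
                                kill -KILL "$spid" 2>/dev/null
                                rm -f -- "$IPSEC_STARTER_PID"
                        fi
                fi
        else
                echo "Stopping strongSwan IPsec failed: starter is not running" >&2
        fi
        if [ -d /var/lock/subsys ]; then
                rm -f /var/lock/subsys/ipsec
        fi
        exit 0
        ;;
up)
        shift
        if [ "$#" -ne 1 ]
        then
            echo "Usage: ipsec up <connection name>"
            exit 2
        fi
        rc=7
        if [ -e "$IPSEC_PLUTO_PID" ]
        then
                "$IPSEC_WHACK" --name "$1" --initiate
                rc="$?"
        fi
        if [ -e "$IPSEC_CHARON_PID" ]
        then
                "$IPSEC_STROKE" up "$1"
                rc="$?"
        fi
        exit "$rc"
        ;;
update)
        if [ -e "$IPSEC_STARTER_PID" ]
        then
                echo "Updating strongSwan IPsec configuration..." >&2
                if spid=$(_ipsec_read_pid "$IPSEC_STARTER_PID")
                then
                        # exit status of kill is not propagated
                        kill -HUP "$spid"
                        exit 0
                fi
                echo "Updating strongSwan IPsec failed: invalid PID in $IPSEC_STARTER_PID" >&2
                exit 7
        else
                echo "Updating strongSwan IPsec failed: starter is not running" >&2
                exit 7
        fi
        ;;
version|--version)
        # variables are passed as arguments, never as the format string;
        # %b expands the \n embedded in IPSEC_DISTRO
        printf 'Linux %s %s\n' "$IPSEC_NAME" "$IPSEC_VERSION"
        printf '%b\n' "$IPSEC_DISTRO"
        printf "See 'ipsec --copyright' for copyright information.\n"
        exit 0
        ;;
--*)
        echo "$0: unknown option \`$1' (perhaps command name was omitted?)" >&2
        exit 2
        ;;
esac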
375
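# Generic fallback: treat the first argument as the name of a helper
# program in $IPSEC_DIR and replace this shell with it, passing the
# remaining arguments through unchanged.
cmd="$1"
shift

# A helper name is a plain file name. Names containing a slash are refused
# so that "$IPSEC_DIR/$cmd" cannot resolve outside the private program
# directory (for example through "../"), which matters if callers are only
# meant to reach the helpers installed there.
case "$cmd" in
*/*) path= ;;
*)   path="$IPSEC_DIR/$cmd" ;;
esac

# -f excludes directories, which would otherwise pass the -x test
if [ -z "$path" ] || [ ! -f "$path" ] || [ ! -x "$path" ]
then
    echo "$0: unknown IPsec command \`$cmd' (\`ipsec --help' for list)" >&2
    exit 2
fi

exec "$path" "$@"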